ET MALWARE Win32/Borr Stealer Variant Sending System Information
Source: et/open
Created: May 16, 2022
Updated: May 16, 2022
Classification: trojan-activity
alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET MALWARE Win32/Borr Stealer Variant Sending System Information"; flow:established,to_server; content:"Content-length|3a|"; content:!"|20|"; distance:0; within:1; content:"UserId|3a|"; content:!"|20|"; distance:0; within:1; content:"Crypto|3a|"; content:!"|20|"; distance:0; within:1; content:"Passworld|3a|"; fast_pattern; content:!"|20|"; distance:0; within:1; content:"Cookies|3a|"; content:!"|20|"; distance:0; within:1; content:"PK"; distance:200; content:"Processes.txt"; distance:0; content:"User Information.txt"; distance:0; reference:url,twitter.com/3xp0rtblog/status/1522491866834472960; reference:md5,d4d4b796efaf717170edf1a90eeb2a0d; reference:md5,69aef5f237246dec6ef82dda0982e46b; reference:md5,c7175f875b79020acc88eda29100e6d7; classtype:trojan-activity; sid:2036595; rev:1; metadata:attack_target Client_Endpoint, created_at 2022_05_16, deployment Perimeter, malware_family Win32_Borr, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_05_16, reviewed_at 2024_05_07;)
References
| url | twitter.com/3xp0rtblog/status/1522491866834472960 |
| md5 | d4d4b796efaf717170edf1a90eeb2a0d |
| md5 | 69aef5f237246dec6ef82dda0982e46b |
| md5 | c7175f875b79020acc88eda29100e6d7 |
Metadata
| attack target | Client_Endpoint |
| created at | 2022_05_16 |
| deployment | Perimeter |
| malware family | Win32_Borr |
| confidence | High |
| signature severity | Major |
| tag | Description_Generated_By_Proofpoint_Nexus |
| updated at | 2022_05_16 |
| reviewed at | 2024_05_07 |